From 8f88801af60ca3cfa986ac9f6fb489b35d8aedf1 Mon Sep 17 00:00:00 2001
From: gemini <gemini@example.com>
Date: Fri, 27 Feb 2026 11:13:05 +0100
Subject: [PATCH] refactor(wireguard_server): Load vault inside role using
 include_vars

---
 playbooks/services/wireguard-cerberus.yml | 3 ---
 roles/wireguard_server/tasks/main.yml     | 8 ++++++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/playbooks/services/wireguard-cerberus.yml b/playbooks/services/wireguard-cerberus.yml
index e6315d6..19b6320 100644
--- a/playbooks/services/wireguard-cerberus.yml
+++ b/playbooks/services/wireguard-cerberus.yml
@@ -1,9 +1,6 @@
 - name: cerberos init
   hosts: wireguard-cerberus
   become: true
-  vars_files:
-    - group_vars/vault.yml
-    - group_vars/all.yml
   tasks:
     - name: wireguard-server
       ansible.builtin.include_role:
diff --git a/roles/wireguard_server/tasks/main.yml b/roles/wireguard_server/tasks/main.yml
index 4098843..417f87a 100644
--- a/roles/wireguard_server/tasks/main.yml
+++ b/roles/wireguard_server/tasks/main.yml
@@ -1,4 +1,8 @@
 ---
+- name: Load vault variables
+  ansible.builtin.include_vars:
+    file: ../../group_vars/vault.yml
+
 - name: WStunnel setup
   ansible.builtin.import_tasks: wstunnel.yml
 
@@ -9,7 +13,7 @@
     owner: root
     group: root
     mode: '0644'
-  notify: wireguard-server restart
+  notify: Restart wstunnel
 
 - name: Install iptables
   ansible.builtin.package:
@@ -19,4 +23,4 @@
   ansible.builtin.service:
     name: wg-quick@wireguardserver
     state: started
-    enabled: true
\ No newline at end of file
+    enabled: true